7a1c141abd03f291d1d5c003152f91e19cd8788dabc3e84f15f02fcc5fc2cb85 | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 10:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7a1c141abd03f291d1d5c003152f91e19cd8788dabc3e84f15f02fcc5fc2cb85_NeikiAnalytics.dll
Size

1KB
MD5

e366ab093be9d54d1612384d10d6d3e0
SHA1

352f4fee160f3e6f8fac21f9d9fb23f9bfadea2a
SHA256

7a1c141abd03f291d1d5c003152f91e19cd8788dabc3e84f15f02fcc5fc2cb85
SHA512

8c5d9f210087630a57c61fd16841c424bbcb466498ad4c37198bab5184412666d4f1f5752f681326bc125901694c1b0d4c5182322c0e480941a78a1719d0804b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1884	1752	rundll32.exe	28
PID 1752 wrote to memory of 1884	1752	rundll32.exe	28
PID 1752 wrote to memory of 1884	1752	rundll32.exe	28
PID 1752 wrote to memory of 1884	1752	rundll32.exe	28
PID 1752 wrote to memory of 1884	1752	rundll32.exe	28
PID 1752 wrote to memory of 1884	1752	rundll32.exe	28
PID 1752 wrote to memory of 1884	1752	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a1c141abd03f291d1d5c003152f91e19cd8788dabc3e84f15f02fcc5fc2cb85_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a1c141abd03f291d1d5c003152f91e19cd8788dabc3e84f15f02fcc5fc2cb85_NeikiAnalytics.dll,#1
  2⤵
  PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-1-0x0000000010001000-0x0000000010002000-memory.dmp

Filesize
4KB

Download
memory/1884-0-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download